Network Prevent Email integration with Exchange Server

I don't have a lot of knowledge about Exchange. I am deploying DLP for a client and they use Exchange as their Mail Server. They are many Exchange boxes in their enviornment with different roles like Mailbox, Hub Transport, Edge Transport etc. Admin guide just says that you have to integrate Network Prevent with MTA. With which role should i integrate Network Prevent. Also is there any plugin that needs to be installed on Exchange?

there are a 2 options, first you need to decide if you want forward or reflecting mode.

next you need to get between the exchange server and the outbound egress. also you need to look at how many messges per sec you are pushing as multiple NP for email may be required. i have used a internal netscaler to round robin to load balance them previously and mx records with a cost count from 10 to 40.

i would review all this with your client post here is you need more info

there is no agent to be instsalled, you would want the transport as hub handles all the internal mail flow and sends it up to the transport if this is all they have setup. you need to install the net prev for email server.

I have attached the np for email server guide in there as it will show sample artichecture and design and mail flow for each. If you show this to your clients they will see where they need to place it.

I think the issue is you are misunderstanding Vontu's service... It is not an exchange agent; it is only an interceptor of SMTP communications. The message has to leave the exchange server for Vontu to read it. The message will leave via SMTP from the hub transport server if a message is set to be delivered outside the exchange enterprise.

It also means that messages that don’t leave the exchange server are not accessible to vontu in real-time. If you want them to be scanned post-send, enable an exchange journal rule and target a SMTP server that has the vontu appliance in between.

So i have to configure Hub Transport to forward the email to Network Prevent Email and after inspection the Network Prevent will resend the email to Hub Transport. Hub Transport will then move the email outside the organization. Right?

sort of correct, you need to send it to the next hop. this may be a bridge head server, this may be a email encrypter. i assume we are dealing with exchange 2010? is there still a 03 legacy excchange box there and what is acting as a bridge head server?

you need to get the exchange guys involved as they will need to decide costs and you will need a mx record for the next hops... also you need to know how many messages per sec you are sending as multiple NP for email may be required. Also in the advanced settings you need to look at ports you are sendning and receiving on. I believe by default they are 1025 and 1026. If the down range email server is looking for 25 it will never connect. Also is there a load balancer you can take advantage of for internal setup...

First of all identify ,what server is used to send emails to Internet .Is it Hub Transport Or Edge Transport .Going from the inside to internet , Your Network protect should be after Hub Transport and before the MTA which is responsible to send emails to Internet .

Than you need to configure Smart Host on your exchange Server for the outgoing emails .Email must go throug Email Prevent .

You can also use default port 25 if your hub transport ,email prevent and gateway mta are all on separate machines .